Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ibmIBMBCF95808A9D5237256F6089616EAAF92216208E167581947AB45BA653518D7C6
HistoryJun 16, 2018 - 9:50 p.m.

Security Bulletin: IBM QRadar Incident Forensics is vulnerable to overly permissive CORS access policies (CVE-2016-9725)

2018-06-1621:50:45
www.ibm.com
8

EPSS

0.001

Percentile

36.2%

JSON

Summary

IBM QRadar Incident Forensics is affected by Cross-Origin Resource Sharing (CORS) which is a mechanism that allows web sites to request resources from external sites, avoiding the need to duplicate them.

Vulnerability Details

CVEID: CVE-2016-9725**
DESCRIPTION:** IBM QRadar Incident Forensics allows for Cross-Origin Resource Sharing (CORS), which is a mechanism that allows web sites to request resources from external sites, avoiding the need to duplicate them.
CVSS Base Score: 5.3
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/119741&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Affected Products and Versions

ā€¢ IBM QRadar SIEM 7.2.n

Remediation/Fixes

ā€¢ IBM QRadar/QRM/QVM/QRIF 7.2.8 Patch 4

Workarounds and Mitigations

None

Related

cvelist 1
nvd 1
cve 1
prion 1
ibm 1
cvelist
cvelist
CVE-2016-9725
2017-03-07 17:00:00
nvd
nvd
CVE-2016-9725
2017-03-07 17:59:00
cve
cve
CVE-2016-9725
2017-03-07 17:59:00
prion
prion
Cross site scripting
2017-03-07 17:59:00
ibm
ibm
Release of QRadar 7.2.8 Patch 4 (7.2.8.20170224202650) Updated w/Security Bulletins
2019-05-10 14:29:11

EPSS

0.001

Percentile

36.2%

JSON
Related for BCF95808A9D5237256F6089616EAAF92216208E167581947AB45BA653518D7C6
cvelist1nvd1cve1prion1ibm1